Friday 07/10/09

Fourth State Department worker pleads guilty to passport snooping A fourth person who has worked for the U.S. Department of State has pleaded guilty to a charge connected to illegally accessing confidential electronic passport records, the U.S. Department of Justice said. Read more...

----------

Twitter suspends accounts of users with infected computers
Twitter is suspending the accounts of some users whose computers have fallen victim to a well-known piece of malicious software that has targeted other sites such as Facebook and MySpace.

The malware, Koobface, is designed to spread itself by checking to see if person is logged into a social network. It will then post fraudulent messages on the person's Twitter account trying to entice friends to click the link, which then leads to a malicious Web site that tries to infect the PC.

----------

Botnets infect fewer computers in China
The number of botnets and of computers controlled by them in China has fallen in recent years, though the country remains a top host for the networks of compromised computers, according to the government and independent researchers.

Over 1.2 million computers in China were newly infected with software that enabled their control by a botnet last year, about one-third the figure for the previous year, according to a report published late last month by China's National Computer Network Emergency Response Technical Team (CNCERT).

That followed an equally steep fall from 2006, when the team estimated there were 10 million new infections in China.

----------

Text message scammers quietly prey on regional banks
You get a text message from your bank telling you there's been suspicious activity on your account. You call the number on your phone to see what's going on, and before you know it, you're a victim.

Welcome to the next big thing in phishing.

----------

Korea DDOS virus mission shifts to destroying, erasing data
The owners of tens of thousands of bot-infested PCs in the county -- who've resisted calls all week to update or install anti-virus software -- will likely switch on their PCs on Friday to find their data gone, said computer security specialist AhnLab.

From midnight local time (3 p.m. GMT Thursday) the virus, which has been attacking prominent U.S. and South Korean government and commercial Web sites all week, has been programmed to encrypt user data or reformat the hard drive of the PC.

----------

Microsoft admits it knew of critical IE bug in early '08
Microsoft promises to stymie hackers next week with new patches
Takes unusual step of confirming fixes for bugs currently under attack

Of the six updates previewed today in the advance notice, three will affect Windows, and one each will patch problems in Publisher, Internet Security and Acceleration Server (ISA) and Microsoft's Virtual PC and Virtual Server software. The Windows updates will be tagged "critical," Microsoft's highest threat ranking, while the others will be marked "important," the next rating down in the company's four-step scoring system.

The two aimed at a pair of zero-days -- vulnerabilities exploited before a patch is available -- are the top story, said Andrew Storms, director of security operations at nCircle Network Security. "What really trumps today are the [fixes for the] known bugs," said Storms, referring to one vulnerability in DirectX's DirectShow and another in an ActiveX control exploitable through IE6 and IE7.

----------

Will Google's OS Make the Desktop Safe? PC World – Thu Jul 9, 3:00 pm ET
Google says that its forthcoming Chrome operating system will be so secure that "users don't have to deal with viruses, malware and security updates." But Google's claim is being met with skepticism within the Internet security world.

----------

Should the U.S. Brace for More Cyber Attacks?
Another wave of DDOS attacks hits South Korea, leaving many wondering what the U.S. government is doing to protect itself.

----------

WordPress Fixes Multiple vulnerabilities
WordPress 2.8.1 has been released to fixes many bugs and tightens security for plugin administration pages. Some admin pages added by certain plugins could be viewed by unprivileged users, resulting in information being leaked. Not all plugins are vulnerable to information leak but WordPress advise upgrading to 2.8.1 to be safe.

WordPress announcement is posted here

----------

Inside Gazelle, Microsoft Research's "browser OS"
July 10, 2:47 p.m. UTC - by Ryan Paul Posted in: One Microsoft Way
Microsoft has published a research paper on Gazelle, an experimental "multi-principal OS" for the Web. But it's not actually an operating system; it's really a browser prototype that runs on Windows, and it just might be the future of browsing. Ars takes a close look at the technology behind Gazelle to show you how it compares to Chrome and Internet Explorer.
Read more

----------

Questions about Timing and Microsoft Security Advisory 972890
Posted Thursday, July 09, 2009 2:27 PM by MSRCTEAM
Hi everyone, Mike Reavey here.

You’ve probably seen in Jerry’s Advance Notification posting today announcing that we’re on track to release an update to address the issue discussed in Microsoft Security Advisory 972890.

We’ve gotten some questions from customers about when we got the first report of this vulnerability and how long the investigation has taken relative to the outbreak of attacks against this vulnerability.

-----------

Hardware: Beware the Airport Wireless
schwit1 writes to tell us that a recent study by a Silicon Valley-based security company shows that black-hats have been ramping up their use of tempting free or unsecured wireless access points in high travel areas like airports and hotels.

"According to their study, even the 'secure' networks weren't all too safe. Eighty percent of the private Wi-Fi networks at airports surveyed by Airtight were secured by the aging Wired Equivalent Privacy (WEP) protocol, which was cracked back in 2001. Almost as many — 77 percent — of the networks they surveyed were actually private, peer-to-peer networks, meaning they weren't official hotspots. Instead, they were running off someone else's computer."
Read More...

----------

SEC Says California IOUs Subject to Fed Law
By ROBERT KAHN
(CN) - The IOUs that California is issuing to vendors are securities, and the people or institutions that are forced to accept them in lieu of money are protected by federal securities law, the SEC said Thursday.

----------

Businesses to get final Win 7 in July
Mary Jo Foley: Microsoft notified its reseller partners that it plans to allow business users who've purchased volume licenses plus Software Assurance contracts to get Windows 7 before the end of July.

----------

Microsoft reveals additional details on ActiveX flaw
Dan Kaplan July 10, 2009
Microsoft was first notified of a dangerous ActiveX vulnerability last year, but is working toward a quick fix after it learned of active attacks underway.

----------

MasterCard will not permit automated encryption upgrade
Angela Moscaritolo July 09, 2009
The credit card company has not given a reason why, but it is not allowing merchants to make use of new technology that would automate the process of upgrading encryption keys on certain point-of-sale systems.

----------

Social network site sued for spamming
Chuck Miller July 10, 2009
A social networking site based in San Francisco has been notified that it will be sued by New York state for deceptive email marketing practices and invasion of privacy.

----------

Bush’s Secret NSA Spying May Have Tainted Prosecutions, Report Warns
The Justice Department needs to investigate whether the secretiveness of Bush’s warrantless wiretapping program tainted terrorism prosecutions by hiding exculpatory evidence from defendants, an oversight report from five inspectors general warned Friday.

The report (.pdf), mandated by Congress, also warned that President’ Bush’s post-9/11 extrajudicial intelligence programs involved unprecedented collection of communications, and that the government needs to be careful about storing and using that data.

----------

iPhone Tethering Rumors Get Downright Stupid
Latest rumor: iPhone tethering, MMS slated for September...

----------

Least-Privilege Technology Still Swimming Upstream, But Making Progress
Jul 10,2009 Fundamental shift in endpoint security might be easier with rollout of Windows 7, experts say

----------